ROLE MANAGEMENT IN THE ADMINISTRATION SECTION


Re: ROLE MANAGEMENT IN THE ADMINISTRATION SECTION

by Spols » 18 Feb 2020, 17:12

Well, the message is telling you that the index in question was not found. In my opinion the session is empty the first time; you have to account for that
with an isset to detect it and a default value.

Re: ROLE MANAGEMENT IN THE ADMINISTRATION SECTION

by cyci60 » 18 Feb 2020, 16:41

mysql> SELECT * FROM user;
+----+---------+----------------------------------+------+
| id | login | password | role |
+----+---------+----------------------------------+------+
| 1 | admin | 21232f297a57a5a743894a0e4a801fc3 | 3 |
| 2 | editeur | 83bf682ab8af89096e70ac65429cc5a8 | 2 |
| 3 | aucun | 520f22fa15b66c5aae61d8ad110da1df | 1 |
+----+---------+----------------------------------+------+
3 rows in set (0.00 sec)

mysql> SELECT * FROM user_action;
+----+--------------+--------+
| id | name | slug |
+----+--------------+--------+
| 1 | Accueil | index |
| 2 | Images | image |
| 3 | Upload | upload |
| 4 | Utilisateurs | user |
+----+--------------+--------+
4 rows in set (0.00 sec)

mysql> SELECT * FROM user_permission;
+----+-------------+-----------+
| id | min_role_id | action_id |
+----+-------------+-----------+
| 1 | 2 | 1 |
| 2 | 4 | 2 |
| 3 | 5 | 3 |
| 4 | 5 | 4 |
+----+-------------+-----------+
4 rows in set (0.00 sec)

mysql> SELECT * FROM user_role;
+----+----------------+-------+
| id | name | level |
+----+----------------+-------+
| 1 | Aucun | 0 |
| 2 | Editeur | 1 |
| 3 | Administrateur | 2 |
+----+----------------+-------+
3 rows in set (0.00 sec)

mysql> NOTEE;

Re: ROLE MANAGEMENT IN THE ADMINISTRATION SECTION

by cyci60 » 18 Feb 2020, 14:38

Well spotted, thanks a lot, but now I get this message (Notice: Undefined index: level in C:\wamp64\www\exercice-projet-images\process\process-permission.php on line 9) & (Notice: Undefined index: role in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 5)

Re: ROLE MANAGEMENT IN THE ADMINISTRATION SECTION

by Saian » 18 Feb 2020, 13:31

Hi, there must be a session_start() missing, no?

ROLE MANAGEMENT IN THE ADMINISTRATION SECTION

by cyci60 » 18 Feb 2020, 13:17

Hello, I can't manage to resolve these errors -> (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-permission.php on line 10) & (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-permission.php on line 12) & (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 5) & (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 8) & (Warning: Invalid argument supplied for foreach() in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 13)

Thanks for your help

<?php

class User {

    public function __construct() {

    }

    // Looks the user up by login and salted MD5 password. Returns the match
    // count plus, when a row matched, the user's id, login, password hash,
    // role and level; returns false if the query fails.
    public function authUser($login_form, $password_form) {

        $mysqli = new mysqli('localhost', 'root', '', 'projet_images');

        if($mysqli->connect_errno) {

            printf("Echec de la connexion: %s\n", $mysqli->connect_error);

            exit();
        }

        $mysqli->set_charset("utf8");

        $login_form = $mysqli->real_escape_string($login_form);
        $password_form = $mysqli->real_escape_string($password_form);

        // MD5 with one fixed salt is a weak password hash; password_hash() and
        // password_verify() are PHP's built-in replacement.
        $salt = 'F4813NN3';
        $md5_password = md5($password_form . $salt);

        $sql = 'SELECT U.id, U.login, U.password, U.role, R.level FROM user AS U INNER JOIN user_role AS R
        ON(login = "' . $login_form . '" AND password = "' . $md5_password . '" AND U.role = R.id)';

        $result = $mysqli->query($sql);

        if(!$result) {

            echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur : ' . $mysqli->error;

            $mysqli->close();

            return false;
        }
        else {

            $row = $result->fetch_assoc();

            // Matching rows are counted here rather than with COUNT() in the query
            $user_data['count'] = $result->num_rows;

            if($row) {

                $user_data['id'] = $row['id'];
                $user_data['login'] = $row['login'];
                $user_data['password'] = $row['password'];
                $user_data['role'] = $row['role'];
                $user_data['level'] = $row['level'];
            }

            $mysqli->close();

            return $user_data;
        }
    }

   public function lenght_control($text, $limit) {

    $lenght = strlen($text);

    if($lenght > $limit) {

        return false;
    }
    else {

        return true;
    }
}

public function login_authorized($login) {

    $authorized_characters = array
    ('a','b','c','d','e','é','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w',
        'x','y','z','á','à','â','ä','ã','å','ç','é','è','ê','ë','í','ì','î','ï','ñ','ó','ò','ô','ö','õ','ú',
        'ù','û','ü','ý','ÿ','Á','À','Â','Ä','Ã','Å','Ç','É','È','Ê','Ë','Í','Ï','Î','Ì','Ñ','Ó','Ò','Ô',
        'Ö','Õ','Ú','Ù','Û','Ü','Ý','0','1','2','3','4','5','6','7','8','9');

    // Split into UTF-8 characters: indexing $login[$i] walks bytes, so the
    // accented letters in the whitelist would never match
    $characters = preg_split('//u', $login, -1, PREG_SPLIT_NO_EMPTY);

    // preg_split() returns false when $login is not valid UTF-8
    if($characters === false) {

        return false;
    }

    $login_error = 0;

    foreach($characters as $character) {

        if(!in_array(strtolower($character), $authorized_characters)) {

            $login_error++;
        }
    }

    if($login_error > 0) {

        return false;
    }
    else {

        return true;
    }
}

public function password_authorized($password) {

    $unauthorized_characters = array ("'", "''", "-");

    $password_lenght = strlen($password);
    $password_error = 0;

    for($i = 0; $i < $password_lenght; $i++) {

        if(in_array(strtolower($password[$i]), $unauthorized_characters)) {

            $password_error++;
        }
    }

    if($password_error > 0) {

        return false;
    }
    else {

        return true;
    }
}

// Creates a user with the same salted MD5 hash that authUser() compares against.
public function insertUser($login_form, $password_form) {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();
    }

    $mysqli->set_charset("utf8");

    $login_form = $mysqli->real_escape_string($login_form);
    $password_form = $mysqli->real_escape_string($password_form);

    $salt = 'F4813NN3';
    $md5_password = md5($password_form . $salt);

    // Store the hash, not the submitted password. The id column is left to the
    // database (assumption: it is AUTO_INCREMENT).
    $sql = 'INSERT INTO user (login, password) VALUES ("' . $login_form . '", "' . $md5_password . '")';

    $result = $mysqli->query($sql);

    $mysqli->close();

    if(!$result) {

        echo 'L\'utilisateur n\'a pas pu être créer';

        return false;
    }
    else {

        return true;
    }
}

public function displayMenu($user_role_id) {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
    $mysqli->set_charset("utf8");

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();
    }

    // Cast to int so the value taken from the session cannot alter the query
    $sql = 'SELECT name, slug FROM user_action AS A INNER JOIN user_permission AS P
    ON(A.id = P.action_id AND min_role_id < ' . (int) $user_role_id . ')';

    $result = $mysqli->query($sql);

    if(!$result) {

        echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur :
        ' . $mysqli->error;

        return false;
    }
    else {

        while($row = $result->fetch_array()) {

            $menu_data[] = $row;
        }

        if(isset($menu_data)) {

            return $menu_data;
        }
        else {

            return false;
        }
    }

    $mysqli->close();
}

public function checkUserPermission($user_role_id, $action_slug) {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
    $mysqli->set_charset("utf8");

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();
    }

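    // Escape the slug before it goes into the query, as authUser() does for its inputs
    $action_slug = $mysqli->real_escape_string($action_slug);

    $sql = 'SELECT P.min_role_id, P.action_id FROM user_permission AS P INNER JOIN user_action AS A
    ON(A.slug = "' . $action_slug . '" AND P.action_id = A.id)';

    $result = $mysqli->query($sql);

    if(!$result) {

        echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur : ' . $mysqli->error;

        return  false;
    }
    else {

        $row = $result->fetch_array();

        // No row means the slug matches no action: deny access. Without this
        // test, null > $user_role_id is false and the method would return true.
        if(!$row || $row['min_role_id'] > $user_role_id) {

            return false;
        }
        else {

            return true;
        }
    }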

    $mysqli->close();
}

public function displayUserRoles() {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
    $mysqli->set_charset("utf8");

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();
    }

    $sql = 'SELECT id, name FROM user_role';
    $result = $mysqli->query($sql);

    if(!$result) {

        echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur :
        ' . $mysqli->error;

        return false;
    }
    else {

        while ($row = $result->fetch_array()) {

            $roles_data[$row['id']] = $row['name'];
        }

        if(isset($roles_data)) {

            return $roles_data;
        }
        else
        {

            return false;
        }
    }

    $mysqli->close();
}
}

?>

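// process-permission.php

// Pages are named <slug>.php (see the menu links below), so the slug is the
// file name without its extension; substr($filename, 0, 4) cut "index" to "inde"
$action_slug = pathinfo($filename, PATHINFO_FILENAME);

$user = new User();
$userPermission = $user->checkUserPermission($_SESSION['level'], $action_slug);

if($userPermission === false) {

    echo 'Erreur. Cette page n\'existe pas.';

    exit;
}

// process-display-menu.php

$user = new User();
$menu_items = $user->displayMenu($_SESSION['user_role']);

$menu_html = '';

foreach($menu_items as $id => $menu_item) {

    // Encode database values before placing them in HTML
    $name = htmlspecialchars($menu_item['name'], ENT_QUOTES, 'UTF-8');
    $slug = htmlspecialchars($menu_item['slug'], ENT_QUOTES, 'UTF-8');

    $menu_html .= '<li><a href="' . $slug . '.php">' . $name . '</a></li>' . "\n";
}

// Page script that requires process-permission.php

require('../config.php');
require('../class/User.php');

$filename = basename( __FILE__ );

require('../process/process-permission.php');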
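
Added example (not code from the thread): the two replies above suggest session_start() and an isset with a default value; the script below combines that with a permission lookup that denies access when the session is empty or the slug matches no action. Assumptions: PDO with an in-memory SQLite database stands in for the poster's MySQL tables so it runs offline, the sample rows and their min_role_id values are constructed, and sessionLevel() and DEFAULT_LEVEL are hypothetical names.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite stands in for
// the thread's MySQL tables (assumption) so the script runs offline.
const DEFAULT_LEVEL = 0; // hypothetical name: the level of the role "Aucun"

// Read the level from session data; an empty session (first visit) or a
// non-numeric value falls back to the least-privileged level.
function sessionLevel(array $session): int
{
    return (isset($session['level']) && is_numeric($session['level']))
        ? (int) $session['level']
        : DEFAULT_LEVEL;
}

// True only when a permission row exists for the slug and the level reaches it.
function checkUserPermission(PDO $db, int $level, string $slug): bool
{
    $stmt = $db->prepare(
        'SELECT P.min_role_id FROM user_permission AS P
         INNER JOIN user_action AS A ON P.action_id = A.id
         WHERE A.slug = ?'
    );
    $stmt->execute([$slug]);          // bound parameter, no string concatenation
    $min = $stmt->fetchColumn();
    if ($min === false) {
        return false;                 // unknown slug: deny instead of falling through
    }
    return $level >= (int) $min;
}

// Constructed sample rows using the thread's table and column names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_action (id INTEGER PRIMARY KEY, name TEXT, slug TEXT)');
$db->exec('CREATE TABLE user_permission (id INTEGER PRIMARY KEY, min_role_id INTEGER, action_id INTEGER)');
$db->exec("INSERT INTO user_action VALUES (1, 'Accueil', 'index'), (4, 'Utilisateurs', 'user')");
$db->exec('INSERT INTO user_permission VALUES (1, 0, 1), (4, 2, 4)');

// In a real page: call session_start() first, then pass $_SESSION instead of these arrays.
$cases = [
    'first visit, index'    => [[], 'index'],
    'first visit, user'     => [[], 'user'],
    'level 2, user'         => [['level' => 2], 'user'],
    'level 2, unknown slug' => [['level' => 2], 'inde'],
];
foreach ($cases as $label => [$session, $slug]) {
    $ok = checkUserPermission($db, sessionLevel($session), $slug);
    printf("%-22s %s\n", $label, $ok ? 'allowed' : 'denied');
}
```

Only sessionLevel() touches session data, so the default level applies on every page that includes the permission check.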